<?php
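/**
 * Static helpers shared by the order and user modules: notification mails,
 * SQL fragment builders for list filtering/sorting, password changes and a
 * few single-purpose lookups.
 *
 * The methods rely on the globals $database and $user and on the constants
 * TABLES, USER_TYPES, WIAAS_URL and APPLICATION_NAME, all defined outside
 * this file.
 */
class UtilsModel
{
    /**
     * Compared against the idUserType column (rel_user_type.idType) to decide
     * whether a user receives customer-facing or back-office links.
     */
    const ID_TYPE_CUSTOMER = 2;

    /**
     * Delegates a document download to FileManager.
     *
     * NOTE(review): the three arguments are forwarded unchanged. Nothing here
     * checks that the current user may read the document or that $fileName is
     * free of path components; presumably FileManager::downloadFile() or the
     * caller does this. Confirm.
     *
     * @param mixed $idDocument identifier of the document
     * @param mixed $fileName   name of the file
     * @param mixed $fileType   type of the file
     * @return mixed whatever FileManager::downloadFile() returns
     */
    public function downloadFile($idDocument, $fileName, $fileType)
    {
        $fileManager = new FileManager();

        return $fileManager->downloadFile($idDocument, $fileName, $fileType);
    }

    /**
     * Sends an order-update mail to the customer and, unless the current user
     * is a broker, to the "other" recipients plus every broker.
     *
     * The returned status reflects the last send that was attempted; when no
     * send is attempted at all the result is an error.
     *
     * @param String $mailType  prefix of the template file name ("<mailType>Template.php")
     * @param Array  $params    template parameters; 'apiOrderUrl' is read for the non-customer mail
     * @param String $mailTitle subject of the mail
     * @param Array  $mails     recipients under the optional keys 'customer' and 'other'
     * @return Array ['code' => 'success'|'error', 'message' => String]
     */
    public static function sendOrderUpdateMail($mailType, $params, $mailTitle, $mails)
    {
        global $user;

        // NOTE(review): $mailType ends up in a template file name. If it can be
        // influenced by a request, it should be checked against the list of known
        // templates before Mail::sendMail() resolves the path. Confirm with callers.
        $templateUrl = $mailType . 'Template.php';

        // Defined up front: neither branch below runs when there is no customer
        // recipient and the current user is a broker.
        $response = false;

        if (array_key_exists('customer', $mails) && count($mails['customer'])) {
            $response = Mail::sendMail($mails['customer'], $mailTitle, $templateUrl, $params);
        }

        if ($user->getUserType() !== USER_TYPES['BROKER']) {
            $usersMails = array_key_exists('other', $mails) ? (array) $mails['other'] : [];
            $brokerMails = (array) self::getBrokersMail();
            $mails['other'] = array_merge($usersMails, $brokerMails);

            // Non-customer recipients get the back-office link instead of the shop link.
            $params['orderUrl'] = $params['apiOrderUrl'];
            $response = Mail::sendMail($mails['other'], $mailTitle, $templateUrl, $params);
        }

        if ($response) {
            return [
                'code' => 'success',
                'message' => 'ORDER_UPDATE_MAIL_SENT'
            ];
        }

        return [
            'code' => 'error',
            'message' => 'ERROR_MAIL_SENT'
        ];
    }

    /**
     * Sends the order confirmation mail to the customer or to the broker(s).
     *
     * @param Array  $cartPackages the packages ordered
     * @param String $userType     USER_TYPES['CUSTOMER'] or USER_TYPES['BROKER']
     * @param Array  $orderInfo    reads 'idOrder', 'orderNumber' and 'orderDate'
     * @return Array ['code' => 'success'|'error', 'message' => String]
     */
    public static function sendOrderConfirmationMail($cartPackages, $userType, $orderInfo)
    {
        $mail = '';

        // Order values are URL-encoded so that an unexpected character in the
        // order number cannot change the structure of the link in the mail.
        $encodedIdOrder = rawurlencode((string) $orderInfo['idOrder']);
        $encodedOrderNumber = rawurlencode((string) $orderInfo['orderNumber']);

        if ($userType === USER_TYPES['CUSTOMER']) {
            $templateUrl = 'orderConfirmationTemplate.php';
            $mailTitle = 'Order successfully placed';
            $message = 'MAIL_SENT';
            $orderUrl = WIAAS_URL . '/orders/' . $encodedIdOrder;

            $userData = self::getUserData();
            if ($userData && $userData[0]['mail']) {
                $mail = $userData[0]['mail'];
            }
        } elseif ($userType === USER_TYPES['BROKER']) {
            $templateUrl = 'orderConfirmationBrokerTemplate.php';
            $mailTitle = 'New order placed';
            $message = 'BROKER_MAIL_SENT';
            $orderUrl = WIAAS_URL . '/api-wiaas/orders?subModule=orders_steps&idOrder=' . $encodedIdOrder
                . '&orderNumber=' . $encodedOrderNumber;

            // May be a single address or a list of addresses (see getBrokersMail()).
            $brokerData = self::getBrokersMail();
            if ($brokerData) {
                $mail = $brokerData;
            }
        } else {
            // No template, title or recipient exists for any other user type.
            return [
                'code' => 'error',
                'message' => 'ERROR_MAIL_SENT'
            ];
        }

        $params = [
            'cartPackages' => $cartPackages,
            'currentDate' => (new DateTime())->format('d-m-Y H:i'),
            'orderNumber' => $orderInfo['orderNumber'],
            'orderDate' => $orderInfo['orderDate'],
            'orderUrl' => $orderUrl
        ];

        if (Mail::sendMail($mail, $mailTitle, $templateUrl, $params)) {
            return [
                'code' => 'success',
                'message' => $message
            ];
        }

        return [
            'code' => 'error',
            'message' => 'ERROR_MAIL_SENT'
        ];
    }

    /**
     * Fetches the mail addresses of all brokers.
     *
     * @return Array|String a single address as a string when exactly one broker
     *                      has a mail set, otherwise an array (possibly empty)
     */
    public static function getBrokersMail()
    {
        global $database;

        $sql = "
            SELECT u.mail
            FROM " . TABLES['brokers'] . " b
            INNER JOIN " . TABLES['users'] . " u
            ON u.id = b.idUser";
        $result = $database->query($sql);

        // Initialised so that count() below is valid when no broker has a mail.
        $mailArray = [];
        while ($row = $database->fetchArray($result)) {
            if ($row['mail'] !== '' && $row['mail'] !== null) {
                $mailArray[] = $row['mail'];
            }
        }

        return count($mailArray) === 1 ? $mailArray[0] : $mailArray;
    }

    /**
     * Fetches mail, username and user type of a user.
     *
     * @param String $username user to look up; the logged-in user when empty
     * @return Array rows with the keys mail, username, type and idUserType
     */
    private static function getUserData($username = '')
    {
        global $database, $user;

        $username = $username ? $username : $user->getUser();
        $sql = "SELECT
            u.mail,
            u.username,
            ut.type,
            rut.idType AS idUserType
            FROM " . TABLES['users'] . " u
            INNER JOIN " . TABLES['rel_user_type'] . " rut
            ON rut.idUser=u.id
            INNER JOIN " . TABLES['user_types'] . " ut
            ON ut.id = rut.idType
            WHERE u.username='" . $database->escapeValue($username) . "'";

        return $database->fetchResultArray($sql);
    }

    /**
     * Tells whether a name can be placed in SQL as a column reference: a plain
     * identifier, optionally qualified with one table alias ("alias.column").
     *
     * @param mixed $name candidate column name
     * @return Bool true when the name consists of identifier characters only
     */
    private static function isSafeSqlIdentifier($name)
    {
        return is_string($name)
            && preg_match('/\A[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?\z/', $name) === 1;
    }

    /**
     * Builds the WHERE condition for the gadget filters.
     *
     * Column names cannot be escaped like values, so every key must be a plain
     * (optionally alias-qualified) identifier; values are escaped with the
     * database layer before they are placed inside the LIKE pattern. The LIKE
     * wildcards % and _ inside a value keep their meaning.
     *
     * NOTE(review): assumes filter keys are simple column names; if callers
     * pass expressions as keys they need an explicit allow-list instead.
     *
     * @param Array $filters column name => search text
     * @return string sql filter condition, "1=1" when there are no filters
     * @throws InvalidArgumentException when a key is not a valid column name
     *                                  or a value is not scalar
     */
    public static function setFilterSql($filters)
    {
        global $database;

        $whereSql = "1=1";
        if (empty($filters)) {
            return $whereSql;
        }

        foreach ($filters as $key => $filterValue) {
            $column = (string) $key;
            if (!self::isSafeSqlIdentifier($column)) {
                // Dropping the filter silently would widen the result set, so refuse instead.
                throw new InvalidArgumentException('Invalid filter column');
            }
            if ($filterValue !== null && !is_scalar($filterValue)) {
                throw new InvalidArgumentException('Invalid filter value');
            }

            $escapedValue = $database->escapeValue((string) $filterValue);
            $whereSql .= " AND $column like '%$escapedValue%'";
        }

        return $whereSql;
    }

    /**
     * Builds the ORDER BY expression for orders central.
     *
     * The key must be a plain (optionally alias-qualified) column name and the
     * direction must be ASC or DESC in any letter case. Anything else yields
     * an empty string, which is also the result when no sorting is requested.
     *
     * @param Object $sortBy object with the properties key and direction
     * @return String "<key> <direction>" or an empty string
     */
    public static function setOrderBySql($sortBy)
    {
        if (!isset($sortBy->key) || !isset($sortBy->direction)) {
            return "";
        }

        $direction = $sortBy->direction;
        $directionIsValid = is_string($direction) && preg_match('/\A(?:asc|desc)\z/i', $direction) === 1;

        if (!$directionIsValid || !self::isSafeSqlIdentifier($sortBy->key)) {
            return "";
        }

        return $sortBy->key . " " . $direction;
    }

    /**
     * Changes the password of a user and sends the "password changed" mail.
     *
     * Without $username the logged-in user is changed and the old password is
     * verified. With $username the call is treated as a reset and the old
     * password is NOT verified.
     *
     * NOTE(review): this method does not check a reset token itself, so the
     * caller has to prove the reset request is legitimate before passing a
     * username. Confirm at the call sites.
     *
     * @param String $passwords JSON object with newPassword, confirmPassword and,
     *                          when not a reset, oldPassword
     * @param String $username  user to reset; empty for the logged-in user
     * @return Array ['messages' => list of ['code' => ..., 'message' => ...]]
     */
    public static function changePassword($passwords, $username = '')
    {
        global $database, $user;

        $passwords = (array) json_decode($passwords);

        $userRows = self::getUserData($username);
        if (!$userRows) {
            return [
                'messages' => [
                    [
                        'code' => 'error',
                        'message' => 'WRONG_USERNAME'
                    ]
                ]
            ];
        }
        $userInfo = $userRows[0];

        $isForReset = $username ? true : false;
        if ($data = self::validatePassword($userInfo['username'], $passwords, $isForReset)) {
            return $data;
        }

        $data = [];
        $password = $passwords['newPassword'];

        // NOTE(review): the password is SQL-escaped before hashing, so the stored
        // hash is of the escaped text. validateOldPassword() verifies the escaped
        // text as well, so this must only be changed together with every place
        // that hashes or verifies passwords.
        $passwordHashed = $user->hashPassword($database->escapeValue($password));

        // The hash is escaped as well so the statement does not depend on the
        // character set hashPassword() happens to produce.
        $sql = "UPDATE
            " . TABLES['users'] . " u
            SET
            u.password='" . $database->escapeValue($passwordHashed) . "',
            u.token=null,
            u.tokenTS=null
            WHERE u.username='" . $database->escapeValue($userInfo['username']) . "'";
        $database->query($sql);

        if ($database->affectedRows() == 1) {
            $data['messages'][] = [
                'code' => 'success',
                'message' => 'PASSWORD_GENERATED'
            ];
        } else {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'ERROR_PASSWORD_GENERATED'
            ];
        }

        // NOTE(review): the confirmation mail is sent even when the update above
        // failed; kept as is because callers may rely on both messages.
        $data['messages'][] = self::sendUserConfirmationMail($userInfo, $userInfo['mail'], 'change');

        return $data;
    }

    /**
     * Validates a password change request.
     *
     * Checks, in order: both new fields present, old password correct and
     * different from the new one (skipped for resets), new and confirmation
     * equal, and the password policy (at least 8 characters with a digit, a
     * lower-case letter, an upper-case letter and one of ! @ # $ % - _).
     *
     * @param String $username     user whose old password is verified
     * @param Array  $passwordData newPassword, confirmPassword and optionally oldPassword
     * @param Bool   $isForReset   true skips the old-password checks
     * @return Array empty when valid, otherwise ['messages' => [...]]
     */
    private static function validatePassword($username, $passwordData, $isForReset = false)
    {
        global $database;

        $data = [];

        $newMissing = !array_key_exists('newPassword', $passwordData) || $passwordData['newPassword'] === '';
        $confirmMissing = !array_key_exists('confirmPassword', $passwordData)
            || $passwordData['confirmPassword'] === '';
        if ($newMissing || $confirmMissing) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'PASSWORDS_MISSING'
            ];
            return $data;
        }

        $newPassword = $database->escapeValue($passwordData['newPassword']);
        $confirmPassword = $database->escapeValue($passwordData['confirmPassword']);

        if (!$isForReset) {
            if ($data = self::validateOldPassword($passwordData, $username)) {
                return $data;
            }

            $oldPassword = $database->escapeValue($passwordData['oldPassword']);
            if ($oldPassword === $newPassword) {
                $data['messages'][] = [
                    'code' => 'error',
                    'message' => 'PASSWORD_SAME'
                ];
                return $data;
            }
        }

        if ($newPassword !== $confirmPassword) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'PASSWORD_MISMATCH'
            ];
            return $data;
        }

        // The hyphen is escaped: written as "%-_" it formed a character range that
        // also matched digits and upper-case letters, so the special-character rule
        // was never enforced. The pattern is not anchored, so the upper bound of 20
        // does not limit the password length.
        $policyPattern = '/((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%\-_]).{8,20})/';
        if ((strlen($newPassword) < 8) || !preg_match($policyPattern, $newPassword)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'PASSWORD_INCORRECT'
            ];
        }

        return $data;
    }

    /**
     * Verifies the old password of a user against the stored hash.
     *
     * The check fails closed: when no stored hash is found for the user the
     * old password is reported as wrong instead of being accepted.
     *
     * @param Array  $passwordData reads 'oldPassword'
     * @param String $username     user whose stored hash is compared
     * @return Array empty when the old password is correct, otherwise ['messages' => [...]]
     */
    private static function validateOldPassword($passwordData, $username)
    {
        global $database;

        $data = [];

        // Presence is checked before the value is read.
        if (!array_key_exists('oldPassword', $passwordData) || $passwordData['oldPassword'] === '') {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'PASSWORDS_MISSING'
            ];
            return $data;
        }

        // Escaped before verification because changePassword() hashes the escaped text.
        $oldPassword = $database->escapeValue($passwordData['oldPassword']);

        $sql = "SELECT u.password
            FROM " . TABLES['users'] . " u
            WHERE u.username='" . $database->escapeValue($username) . "'
            LIMIT 1";
        $row = $database->fetchResultArray($sql);

        $storedHash = (!empty($row) && !empty($row[0]['password'])) ? $row[0]['password'] : '';

        if ($storedHash === '' || !password_verify($oldPassword, $storedHash)) {
            $data['messages'][] = [
                'code' => 'error',
                'message' => 'OLD_PASSWORD_MISMATCH'
            ];
        }

        return $data;
    }

    /**
     * Sends the account mail for a created user, a generated password or a
     * changed password.
     *
     * @param Array  $userInfo reads 'username', 'type' and 'idUserType'
     * @param String $mail     recipient address
     * @param String $action   'create', 'generate' or 'change'
     * @param String $token    token appended to the validation link
     * @return Array ['code' => 'success'|'error', 'message' => String]
     */
    public static function sendUserConfirmationMail($userInfo, $mail, $action, $token = '')
    {
        switch ($action) {
            case 'create':
                $mailTitle = APPLICATION_NAME . ' user created';
                $templateUrl = 'createUserTemplate.php';
                break;
            case 'generate':
                $mailTitle = APPLICATION_NAME . ' password generated';
                $templateUrl = 'generatePasswordUserTemplate.php';
                break;
            case 'change':
                $mailTitle = APPLICATION_NAME . ' password changed';
                $templateUrl = 'changedPasswordTemplate.php';
                break;
            default:
                return [
                    'code' => 'error',
                    'message' => 'ACTION_NOT_SET'
                ];
        }

        // Encoded so the token cannot alter the path or query of the link.
        $encodedToken = rawurlencode((string) $token);
        $isCustomer = $userInfo['idUserType'] == self::ID_TYPE_CUSTOMER;
        $passwordValidationUrl = $isCustomer
            ? WIAAS_URL . '/changePassword/' . $encodedToken
            : WIAAS_URL . '/api-wiaas/login?token=' . $encodedToken;

        $params = [
            'username' => $userInfo['username'],
            'wiaas' => $userInfo['type'] === USER_TYPES['CUSTOMER'] ? WIAAS_URL : WIAAS_URL . '/api-wiaas',
            'urlValidate' => $passwordValidationUrl
        ];

        if (Mail::sendMail($mail, $mailTitle, $templateUrl, $params)) {
            return [
                'code' => 'success',
                'message' => 'MAIL_SENT'
            ];
        }

        return [
            'code' => 'error',
            'message' => 'ERROR_MAIL_SENT'
        ];
    }

    /**
     * Tells whether the logged-in user is a company admin.
     *
     * @return Bool true if the user is company admin
     */
    public static function checkIfUserIsCompanyAdmin()
    {
        global $database, $user;

        // Cast because the value is placed in the statement without quotes.
        $idUser = (int) $user->getUserId();
        $sql = "
            SELECT
            u.isCompanyAdmin
            FROM
            " . TABLES['users'] . " u
            WHERE u.id = $idUser";
        $data = $database->fetchResultArray($sql);

        return !empty($data) && (bool) $data[0]['isCompanyAdmin'];
    }

    /**
     * Returns the customer mail and the order number for an order.
     *
     * @param Int $idOrder the id of the order
     * @return Array mail of the customer and the order number
     */
    public static function getDataForMailToCustomer($idOrder)
    {
        global $database;

        // Cast because the value is placed in the statement without quotes.
        $idOrder = (int) $idOrder;
        $sqlCustomerInfo = "
            SELECT u.mail,
            o.orderNumber
            FROM " . TABLES['customers'] . " c
            INNER JOIN " . TABLES['rel_commercial_lead_customers'] . " rclc
            ON c.id=rclc.idCustomer
            INNER JOIN " . TABLES['users'] . " u
            ON u.id = c.idUser
            INNER JOIN " . TABLES['orders'] . " o
            ON o.idCustomerInstance=rclc.id
            WHERE o.id=$idOrder
            LIMIT 1";
        $query = $database->query($sqlCustomerInfo);

        return $database->fetchArray($query);
    }

    /**
     * Returns the order number of an order.
     *
     * @param Int $idOrder the id of the order
     * @return mixed the order number, or an empty string when the order is not found
     */
    public static function getOrderNumberById($idOrder)
    {
        global $database;

        // Cast because the value is placed in the statement without quotes.
        $idOrder = (int) $idOrder;
        $sql = "
            SELECT
            o.orderNumber
            FROM
            " . TABLES['orders'] . " o
            WHERE o.id = $idOrder
            LIMIT 1
            ";
        $orderNumberArray = $database->fetchResultArray($sql);

        if ($orderNumberArray && $orderNumberArray[0]
            && array_key_exists('orderNumber', $orderNumberArray[0])
        ) {
            return $orderNumberArray[0]['orderNumber'];
        }

        return '';
    }
}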